Cryptographic key, encryption device, encryption/decryption device, cryptographic key management device, and decryption device

ABSTRACT

A cryptographic key  1  constituted to be freely attachable and detachable to/from a personal computer  2  encrypting and decrypting data by use of a cipher key includes: a pseudo random number generator  14  for generating a pseudo random number of a chaotic time series based on a data size of the data, a chaotic function and an initial value of the chaotic function; and a USB controller  12  for receiving the data size of the data from the personal computer  2  and transmitting the pseudo random number of the chaotic time series as the cipher key to the personal computer  2 , the pseudo random number being generated in the pseudo random number generator  14 , when the cryptographic key  1  is attached to the personal computer  2.

BACKGROUND OF THE INVENTION

The present invention relates to a cryptographic key having a pseudorandom number generator for generating a pseudo random number of achaotic time series, an encryption device for encrypting plaintext databy use of the pseudo random number of the chaotic time series from thecryptographic key, an encryption/decryption device for encrypting anddecrypting the plaintext data, a cryptographic key management device formanaging the cryptographic key, and a decryption device for decryptingcryptographic data.

Recent years, a universal serial bus. (USB) has been used as aninterface in which the same connector and cable are used coherently fora connection of a personal computer to relatively low-speed peripheralequipment such as a keyboard, a mouse, a speaker, a modem and a printer.In this USB, a data transfer rate between the personal computer and theperipheral equipment is, for example, 1.5 Mbps, which is relativelylow-speed.

There has been known an encryption device for encrypting data by use ofa personal computer and peripheral equipment, which are in conformitywith the standard of the USB as described above. This encryption deviceis constituted of a key information unit in which key information isregistered, and of a personal computer having a cryptographic algorithm,to which the key information unit is attached.

In the key information unit, there is a key information unit in whichthe key information is registered by a person at the time of purchasethereof, a key information unit in which the key information isregistered at the time of shipment thereof from a factory, or the like.Upon being equipped with the key information unit, the personal computerhas read out the key information from the key information unit, hascreated a cipher key from the key information by use of thecryptographic algorithm, and has encrypted plaintext data by use of thiscipher key, thus creating cryptographic data.

SUMMARY OF THE INVENTION

However, since the cryptographic algorithm is resident in the personalcomputer in the conventional encryption device, it will be facilitatedfor a third party to decipher the cipher key created by thecryptographic algorithm. Therefore, the conventional encryption devicehas had a problem that plaintext data on a personal computer owned by aperson is browsed easily by the third party.

Meanwhile, in the multiuser information and communication toward thenext generation, a code division multiple access (CDMA) system willbecome a mainstream, which uses a spread spectrum communication systemexcellent in confidentiality and having high performance of removing aninterference wave. In this spread spectrum communication system, apseudo random number generator capable of generating a pseudo randomnumber will become a key device. Here, an important matter on theindustrial technology is to realize a pseudo random number generatorcapable of generating many types of binary sequences that can bereproduced artificially and regarded as pseudo random numbers.

For example, an action such as throwing a coin and shaking a dice isrepresented as a true random number and has no reproductivity, and thuscannot be used as an industrial technology. On the other hand, unless anunpredictable number sequence is used, a sufficient scramble or spreadthereof cannot be realized.

Chaos has been known as one used to meet these two conditions. The chaoscontains a wave of every frequency, and the chaos and the random numberare very closely related to each other. Hence, it is possible to use aperiodic time series of the chaos as the pseudo random number.Therefore, an encryption processing for encrypting data by use of apseudo random number generator for generating a pseudo random numberbased on the chaotic time series has been desired.

An object of the present invention is to provide a cryptographic keycapable of preventing the data on the personal computer owned by aperson from being browsed by the third party easily by making thecryptographic algorithm difficult to be deciphered by the third party,the cryptographic algorithm using the pseudo random number generator forgenerating the pseudo random number of the chaotic time series.

Another object of the present invention is to provide an encryptiondevice capable of creating cryptographic data having highconfidentiality by carrying out the encryption by use of the pseudorandom number obtained by the pseudo random number generator owned bythe cryptographic key, and to provide an encryption/decryption deviceand a decryption device, which are capable of decrypting thecryptographic data easily.

Still another object of the present invention is to provide acryptographic key management device capable of managing thecryptographic key.

A first aspect of the present invention is a cryptographic keyconstituted to be freely attachable and detachable to/from an externaldevice encrypting and decrypting data by use of a cipher key, thecryptographic key comprising: a pseudo random number generator forgenerating a pseudo random number of a chaotic time series based on adata size of the data, a chaotic function and an initial value of thechaotic function; and a transmission/reception control unit forreceiving the data size of the data from the external device andtransmitting the pseudo random number of the chaotic time series as thecipher key to the external device, the pseudo random number beinggenerated in the pseudo random number generator, when the cryptographickey is attached to the external device.

According to the first aspect of the present invention, the pseudorandom number generator is provided in the cryptographic key as aseparate body from the external device, and only when the encryption orthe decryption is carried out, the cryptographic key is attached to theexternal device, and the pseudo random number of the chaotic time seriesis transmitted from the cryptographic key to the external device.Specifically, since the pseudo random number generator (cryptographicalgorithm) is not made to reside in the external device but built in thebody of the cryptographic key, it becomes difficult for the third partyto decipher the pseudo random number of the chaotic time series as thecipher key. Thus, the data on the personal computer owned by a personcan be prevented from being browsed by the third party.

A second aspect of the present invention is the cryptographic keyaccording to the first aspect, characterized in that the -pseudo randomnumber generator includes: a chaos generation loop constituted byincluding a pair of one-dimensional map circuits for generating thechaotic function, each having non-linear input/output characteristics, apair of CMOS switches for alternately performing opening and closingactions for paths on output sides of the respective one-dimensional mapcircuits in synchronization with an external clock, and a pair offeedback loops for feedbacking analog outputs of the respectiveone-dimensional map circuits through the respective CMOS switches toinput sides of the respective one-dimensional map circuits in a crossingmanner; and a pair of AD converters for converting, into digitalsignals, the analog outputs of the respective one-dimensional mapcircuits, the analog outputs being taken out through the respective CMOSswitches, and the respective one-dimensional map circuits iteratemapping alternately with the elapse of a discrete time defined by theexternal clock in the chaos generation loop to allow the pseudo randomnumber -generator to-output binary sequences as chaotic time seriesthrough the respective AD converters.

According to the second aspect of the present invention, the respectiveone-dimensional map circuits iterate the mapping alternately with theelapse of the discrete time defined by the external clock in the chaosgeneration loop, thus allowing the pseudo random number generator tooutput binary sequences as chaotic time series through the respective ADconverters. Both of the binary sequences taken out alternately are arraydata, each having a random number with “0” and “1” mixed randomly. Thebinary sequences arrayed in accordance with the integrated time seriesare obtained, thus making it possible to generate the pseudo randomnumber of the chaotic time series. Moreover, the pair of one-dimensionalcircuits iterate the mapping alternately, and the analog outputsobtained by the mapping are feedbacked in the crossing manner.Therefore, divergence and convergence of the analog outputs woven by thepair of one-dimensional map circuits are combined with an initial valuesensitivity particular to the chaos, thus breaking an occurrence balanceof “0” and “1” of the obtained binary sequences finely. Such a swingphenomenon particular to the chaos can contribute to the improvement ofrobustness of a stream cipher using the chaos.

A third aspect of the present invention is the cryptographic keyaccording to the second aspect, characterized in that the pseudo randomnumber generator further includes: a DA converter for converting aninitial value given in a digital signal mode into an analog signal; anda CMOS switch for performing opening and closing actions for a path onan output side of the DA converter in synchronization with the externalclock.

According to the third aspect of the present invention, an appliedvoltage equivalent to a real number is given through the DA converter. Aquantization resolution of the DA converter is being increased, and thusthe types of initial values are being increased. Consequently, the typesof time series which can be taken out can be increased. In theindustrial technology of the chaos, the maintaining of the initial valuesensitivity is an extremely important factor. The initial valuesensitivity is given through the DA converter. Therefore, with regard tothe pair of binary sequences with initial values different from eachother as starting points, the both are not superposed on each other evenif they are to be superposed while shifting phases thereof in anymanner. Thus, it is made possible to obtain the time series in whichboth auto-correlations and a cross-correlation are sufficiently small.

A fourth aspect of the present invention is the cryptographic keyaccording to the second aspect, characterized in that at least any oneof the pair of one-dimensional map circuits is constituted to be capableof adjusting the input/output characteristics of its own in accordancewith an external adjustment voltage.

According to the fourth aspect of the present invention, it is madepossible to adjust the input/output characteristics owned by theone-dimensional map circuit from the outside. Consequently, the types ofthe chaotic time series that can be taken out can be further increased.

A fifth aspect of the present invention is an encryption device forencrypting plaintext data by use of a cipher key, the encryption devicecomprising: a cryptographic key having a pseudo random number generatorfor generating a pseudo random number of a chaotic time series based ona data size of the plaintext data, a chaotic function and an initialvalue of the chaotic function; and an external device for transmittingthe data size of the plaintext data to the cryptographic key upon beingequipped with the cryptographic key, and for encrypting the plaintextdata by use of the pseudo random number of the chaotic time series asthe cipher key, the pseudo random number being sent from thecryptographic key.

According to the fifth aspect of the present invention, when thecryptographic key is attached to the external device, the externaldevice transmits the data size of the plaintext data to thecryptographic key, and encrypts the plaintext data by use of the pseudorandom number of the chaotic time series as the cipher key, the pseudorandom number being sent from the cryptographic key. Therefore, asimilar effect to that of the first aspect is obtained, andcryptographic data having high confidentiality can be created.

A sixth aspect of the present invention is the encryption deviceaccording to the fifth aspect, characterized in that the external deviceexecutes an exclusive-OR operation for the pseudo random number obtainedby the pseudo random number generator and the plaintext data to encryptthe plaintext data.

According to the sixth aspect of the present invention, the exclusive-ORoperation for the pseudo random number obtained by the pseudo randomnumber generator and the plaintext data is executed, thus making itpossible to encrypt the plaintext data.

A seventh aspect of the present invention is the encryption deviceaccording to the fifth aspect, characterized in that the cryptographickey stores a first password in advance, and the external device collatesa password inputted from an input unit and the first password stored inthe cryptographic key, and permits an encryption processing when both ofthe passwords coincide with each other.

According to the seventh aspect of the present invention, the externaldevice permits the encryption processing when the password inputted fromthe input unit and the first password stored in the cryptographic keycoincide with each other. Therefore, the confidentiality can beenhanced.

An eighth aspect of the present invention is an encryption/decryptiondevice for encrypting and decrypting plaintext data by use of a cipherkey, the encryption/decryption device comprising: a first cryptographickey having a pseudo random number generator for generating a pseudorandom number of a chaotic time series based on a data size of theplaintext data, a chaotic function and an initial value of the chaoticfunction; a second cryptographic key having a same constitution as thefirst cryptographic key; a first external device for transmitting thedata size of the plaintext data to the first cryptographic key uponbeing equipped with the first cryptographic key, and for encrypting theplaintext data by use of the pseudo random number of the chaotic timeseries from the first cryptographic key as the cipher key to createcryptographic data; and a second external device for receiving thecryptographic data from the first external device, for transmitting adata size of the cryptographic data to the second cryptographic key uponbeing equipped with the second cryptographic key, and for decrypting thecryptographic data by use of the pseudo random number of the chaotictime series from the second cryptographic key as the cipher key.

According to the eighth aspect of the present invention, the firstexternal device transmits the data size of the plaintext data, to thefirst cryptographic key upon being equipped with the first cryptographickey, and encrypts the plaintext data by use of the pseudo random numberof the chaotic time series from the first cryptographic key to createthe cryptographic data. The second external device receives thecryptographic data from the first external device, and transmits thedata size of the cryptographic data to the second cryptographic key uponbeing equipped with the second cryptographic key, then decrypts thecryptographic data by use of the pseudo random number of the chaotictime series from the second cryptographic key. Therefore, the plaintextdata on the transmission side can be obtained on the reception side.

A ninth aspect of the present invention is the encryption/decryptiondevice according to the eighth aspect, characterized in that the firstexternal device executes an exclusive-OR operation for the pseudo randomnumber obtained by the pseudo random number generator in thefirst-cryptographic key and the plaintext data to encrypt the plaintextdata, and the second external device executes an exclusive-OR operationfor the pseudo random number obtained by the pseudo random numbergenerator in the second cryptographic key and the cryptographic data todecrypt the cryptographic data.

According to the ninth aspect of the present invention, the firstexternal device executes the exclusive-OR operation for the pseudorandom number obtained by the pseudo random number generator in thefirst cryptographic key and the plaintext data to encrypt the plaintextdata. Moreover, the second external device executes the exclusive-ORoperation for the pseudo random number obtained by the pseudo randomnumber generator in the second cryptographic key and the cryptographicdata to decrypt the cryptographic data. Therefore, the plaintext data onthe transmission side can be obtained on the reception side.

A tenth aspect of the present invention is the encryption/decryptiondevice according to the eighth aspect, characterized in that the firstcryptographic key stores a first password in advance, the secondcryptographic key stores a second password in advance, the firstexternal device collates a password inputted from a first input unit andthe first password stored in the first cryptographic key, and permits anencryption processing when both of the passwords coincide with eachother, and the second external device collates a password inputted froma second input unit and the second password stored in the secondcryptographic key, and permits a decryption processing when both of thepasswords coincide with each other.

According to the tenth aspect, of the present invention, the encryptionprocessing is permitted on the transmission side when both of thepasswords coincide with each other, and the decryption processing ispermitted on the reception side when both of the passwords coincide witheach other. Therefore, the confidentiality can be enhanced on each ofthe transmission and reception sides.

An eleventh aspect of the present invention is a cryptographic keymanagement device for managing a cryptographic key constituted to befreely attachable and detachable to/from an external device,characterized in that the cryptographic key includes: a pseudo randomnumber generator for generating a pseudo random number of a chaotic timeseries based on a data size of data, a chaotic function and an initialvalue of the chaotic function; a transmission/reception control unit forreceiving the data size of the data from the external device andtransmitting the pseudo random number of the chaotic time series as thecipher key to the external device, the pseudo-random number beinggenerated in the pseudo random number generator, when the cryptographickey is attached to the external device; and a memory having a programarea for storing a program, an update password for indicating permissionand refusal of update of the program of the program area, and a programupdate area for storing the update program, the external deviceincludes: a password deletion unit for sending out a delete command tothe cryptographic key to delete the update password therefrom whenupdating the program of the program area in the memory; and atransmission unit for transmitting the update program in a unit of apredetermined length to the cryptographic key after deleting the updatepassword, and the cryptographic key turns into an update mode by thedeletion of the update password, and stores the update program from theexternal device in the unit of the predetermined length in the programupdate area, then transports the update program in the unit of thepredetermined length to the program area, the update program beingstored in the program update area.

According to the eleventh aspect of the present invention, the externaldevice sends out the delete command to the cryptographic key to deletethe update password therefrom when updating the program of the programarea in the memory. Then, the external device transmits the updateprogram in the unit of the predetermined length to the cryptographic keyafter deleting the update password. Meanwhile, the cryptographic keyturns into the update mode by the deletion of the update password, andstores the update program from the external device in the unit of thepredetermined length in the program update area. Then, the cryptographickey transports the update program in the unit of the predeterminedlength to the program area, the update program being stored in theprogram update area. Therefore, the program in the memory of thecryptographic key can be rewritten from the external device easily, andthe rewrite of the application program is determined depending onwhether or not the update password exists. Therefore, only a specificperson can rewrite the application program.

A twelfth aspect of the present invention is the cryptographic keymanagement device according to the eleventh aspect, characterized inthat the transmission unit of the external device transmits the updateprogram and the update password to the cryptographic key, and thecryptographic key stores the update password in the memory when storingthe update program in the program update area.

According to the twelfth aspect of the present invention, thecryptographic key can store the update password from the external devicein the memory when storing the update program from the external devicein the program update area.

A thirteenth aspect of the present invention is the cryptographic keymanagement device according to the twelfth aspect, characterized in thatthe cryptographic key activates the program of the program area when theupdate password is stored in the memory when a power source is turnedon.

According to the thirteenth aspect of the present invention, thecryptographic key can activate the program of the program area when theupdate password is stored in the memory when the power source is turnedon, thus making it possible to carry out a usual processing.

A fourteenth aspect of the present invention is a cryptographic keymanagement device for managing a cryptographic key constituted to befreely attachable and detachable to/from an external device,characterized in that the external device includes: an initial valuetable storing a cryptographic key number and an initial value of achaotic function for each cryptographic key, the cryptographic keynumber and the initial value being made to correspond to each other; anda transmission unit for reading out the initial value corresponding tothe cryptographic key number from the initial value table to transmitthe initial value to the cryptographic key when the cryptographic key isattached to the external device, and the cryptographic key includes: amemory for storing the initial value from the external device; and apseudo random number generator for generating a pseudo random number ofa chaotic time series based on the initial value stored in the memory, adata size of data and the chaotic function.

According to the fourteenth aspect of the present invention, theexternal device reads out the initial value corresponding to thecryptographic key number from the initial value table and transmits theinitial value to the cryptographic key upon being equipped with thecryptographic key. The cryptographic key stores the initial value fromthe external device in the memory, and generates the pseudo randomnumber of the chaotic time series based on the initial value stored inthe memory, the data size of the data and the chaotic function. Hence,from the external device, the initial value corresponding to thecryptographic key can be registered in the memory in the cryptographickey for each cryptographic key.

A fifteenth aspect of the present invention is the cryptographic keymanagement device according to the fourteenth aspect, characterized inthat the external device includes: an input unit for receiving thecryptographic key number and the initial value for each cryptographickey; and a storage control unit for allowing the initial value table tostore the cryptographic key number and the initial value for eachcryptographic key, the cryptographic key number and the initial valuebeing inputted from the input unit.

According to the fifteenth aspect of the present invention, when theinput unit inputs the cryptographic key number and the initial value foreach cryptographic key, the storage control unit allows the initialvalue table to store the cryptographic key number and the initial valuefor each cryptographic key, which are inputted from the input unit.Therefore, the initial value can be managed for each cryptographic keyby the created initial value table.

A sixteenth aspect of the present invention is a decryption device fordecrypting cryptographic data by use of a cryptographic key constitutedto be freely attachable and detachable to/from an external device,characterized in that the external device includes: a cryptographic filestoring the cryptographic data and a group password inherent in aplurality of users capable of using the cryptographic data; atransmission unit for transmitting the group-password and a data size ofthe cryptographic data to the cryptographic key when an inputtedpassword coincides with the group password stored in the cryptographicfile; and a decryption unit for decrypting the cryptographic data in thecryptographic file by use of a cipher key from the cryptographic key,and the cryptographic key includes: a pseudo random number generator forgenerating a pseudo random number of a chaotic time series based on thedata size of the cryptographic data from the external device, a chaoticfunction and the group password as an initial value of the chaoticfunction; and a transmission/reception control unit for receiving thegroup password and the data size of the cryptographic data from theexternal device, and for transmitting the pseudo random number of thechaotic time series as the cipher key to the external device, the pseudorandom number being generated in the pseudo random number generator.

According to the sixteenth aspect of the present invention, the externaldevice transmits the group password and the data size of thecryptographic data to the cryptographic key when the inputted passwordcoincides with the group password stored in the cryptographic file.Meanwhile, the cryptographic key generates the pseudo random number ofthe chaotic time series based on the data size of the cryptographic datafrom the external device, the chaotic function and the group password asthe initial value of the chaotic function. Then, the cryptographic keytransmits the generated pseudo random number of the chaotic time seriesas the cipher key to the external device. The external device decryptsthe cryptographic data in the cryptographic file by use of the cipherkey from the cryptographic key. Specifically, the group password isdefined as the initial value, thus making it possible to share thecryptographic file in the group composed of the plurality of users.

A seventeenth aspect of the present invention is the decryption deviceaccording to the sixteenth aspect, characterized in that the externaldevice further includes: a determination unit for determining whether ornot group mode information for indicating that the plurality of userscan use the cryptographic data is in the cryptographic file; and arequest unit for requesting input of the password when the group modeinformation is in the cryptographic file.

According to the seventeenth aspect of the present invention, theexternal device determines whether or not the group mode information isin the cryptographic file. When the group mode information is in thecryptographic file, the external device requests input of the password.Therefore, only when there is the group mode information and theinputted password coincides with the group password stored in thecryptographic file, the cryptographic file can be shared in the groupcomposed of the plurality of users.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing a constitution of an encryption deviceof a first embodiment according to the present invention.

FIG. 2 is a diagram showing a time series waveform of logistic mapchaos.

FIG. 3 is a diagram explaining a concrete example of encryption using apseudo random number as a cipher key.

FIG. 4 is a sequence diagram explaining an encryption processing on atransmission side.

FIG. 5 is a block diagram showing a constitution of anencryption/decryption device of a second embodiment according to thepresent invention.

FIG. 6 is a diagram explaining a concrete example of encryption anddecryption, which use the pseudo random number as the cipher key.

FIG. 7 is a sequence diagram explaining a decryption processing on areception side.

FIG. 8 is a sequence diagram showing in detail a communicationprocessing between a USB key and a personal computer.

FIG. 9 is a block diagram schematically showing a constitution of apseudo random number generator.

FIG. 10 is a diagram showing a circuit obtained by integrating thepseudo random number generator.

FIG. 11 is a block diagram showing a constitution of a cryptographic keymanagement device of a third embodiment according to the presentinvention.

FIG. 12 is a diagram showing a principal constitution of a personalcomputer of the cryptographic key management device of the thirdembodiment and a memory region constitution of a memory in a USB keythereof.

FIG. 13 is a diagram showing a sequence for rewriting a program of thememory in the USB key from the personal computer of the cryptographickey management device of the third embodiment.

FIG. 14 is a flowchart showing activation of an application program oran update program of the memory in the USB key of the cryptographic keymanagement device of the third embodiment.

FIG. 15 is a block diagram showing a constitution of a cryptographic keymanagement device of a fourth embodiment according to the presentinvention.

FIG. 16 is a diagram showing a constitution of an initial value table ina personal computer of the cryptographic key management device of thefourth embodiment according to the present invention.

FIG. 17 is a flowchart showing a preparation processing of the initialvalue table by the personal computer of the cryptographic key managementdevice of the fourth embodiment according to the present invention.

FIG. 18 is a flowchart showing a registration processing of an initialvalue to a memory of a USB key from the personal computer of thecryptographic key management device of the fourth embodiment accordingto the present invention.

FIG. 19 is a block diagram showing a constitution of a decryption deviceof a fifth embodiment according to the present invention.

FIG. 20 is a diagram showing a constitution of a cryptographic file in apersonal computer of the decryption device of the fifth embodimentaccording to the present invention.

FIG. 21 is a flowchart showing a decryption processing in the decryptiondevice of the fifth embodiment according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Description will be made below in detail with reference to the drawingsfor embodiments of an encryption device and an encryption/decryptiondevice, each including a cryptographic key according to the presentinvention.

First Embodiment

FIG. 1 is a block diagram showing a constitution of an encryption deviceof a first embodiment according to the present invention. The encryptiondevice shown in FIG. 1 is constituted by having a personal computer 2(corresponding to an external device of the present invention) forencrypting plaintext data by use of a cipher key and having a USB key 1(corresponding to a cryptographic key of the present invention) which isconstituted to be freely attachable and detachable to/from the personalcomputer 2 and adapted to the USB standard. Note that the externaldevice may be a mobile terminal such as a cellular phone instead of thepersonal computer.

The USB key 1 is portable and owned by a person, and a key's protrusion10 is formed on the USB key 1. This key's protrusion 10 is inserted intoa computer's groove 20 formed on the personal computer 2, and thus theUSB key 1 and the personal computer 2 are electrically connected to eachother, and data communication can be mutually carried out therebetween.

The USB key 1 is constituted by having an input/output unit 11 foradministering input/output of data with the personal computer 2, a USBcontroller 12, a memory 13, and a pseudo random number generator 14.

The pseudo random number generator 14 generates a pseudo, random numberof a chaotic time series waveform based on a data size of plaintextdata, a chaotic function and an initial value of this chaotic function.Description will be made for the pseudo random number based on thechaotic time-series waveform. It is generally known that the chaotictime series waveform behaves irregularly. Therefore, the pseudo randomnumber generator 14 generates the pseudo random number by use of thechaotic time series waveform.

As one of typical models of creating the chaotic time series waveform,there is a logistic map. A formula of this logistic map is representedas a recurrence formula shown in a formula (1).x(t+1)=4x(t){1−x(t)} x(t)=x(t+1)   (1)where t is a discrete time, and x(t) corresponds to the above-mentionedchaotic function. When an initial value x(0) is given to the formula (1)and the discrete time (t) is changed from 0 to, for example, 100 foreach fixed time Δt (discretely), a chaotic time series waveform based onthe logistic map, which is as shown in FIG. 2, is obtained. In FIG. 2,values of x(t) for each fixed time Δt are plotted.

This logistic map is a time series waveform where the values iterateincrease/reduction, and a state of the time series waveform is greatlychanged by a slight change of the initial value x(0). Specifically, theformula of the logistic map depends on the initial value x(0)sensitively. This is referred to as an initial value sensitivity.Therefore, plural types of pseudo random numbers of the chaotic timeseries waveforms can be generated by changing the initial value x(0),thus making it possible to fabricate plural types of USB keys 1.

Furthermore, because of non-linear characteristics of the formula of thelogistic map, x(t) does not take the same value twice and hasirreversibility. Therefore, since the value of x(t) cannot be predictedby a simple inverse calculation, confidentiality thereof can beenhanced.

Note that description will be made later in detail for a concretecircuit configuration of the pseudo random number generator.

The memory 13 stores the initial value of the chaotic function and apassword of a person owning the key. The USB controller 12(corresponding to a transmission/reception control unit of the presentinvention) controls the respective units. When the USB key 1 is attachedto the personal computer 2, the USB controller 12 receives a data sizeof plaintext data from the personal computer 2 and transmits the pseudorandom number of the chaotic time series generated in the pseudo randomnumber generator 14 as the cipher key to the personal computer 2.

Here, the one actually used as the cryptographic key is a pseudo randomnumber having a size corresponding to the above-described data sizeamong the pseudo random numbers of the above-described chaotic timeseries. The case where the pseudo random number of the chaotic timeseries is used as the cryptographic key in the following descriptionalso implies the above matter.

The personal computer 2 transmits the data size of the plaintext data tothe USB key 1 when the USB key 1 is attached thereto, and encrypts theplaintext data by use of the pseudo random number of the chaotic timeseries, which, is sent from the USB key 1, as the cipher key. Thepersonal computer 2 is constituted by having an input/output unit 21 foradministering input/output of data with the USB key 1, a controller 22,a memory 23 for storing the personal password, various data and thelike, which are inputted from an input unit 3, an exclusive-OR circuit(hereinafter, abbreviated as XOR) 24, and a transmission unit 25. Theinput unit 3 for inputting the plaintext data, other various data andthe like to the personal computer 2 and a display unit 4 for displayingthe data on a screen are connected to the personal computer 2.

When the USB key 1 is attached to the personal computer 2, thecontroller 22 receives an attachment signal from the USB key 1,transmits the number of bytes of the plaintext data (the numbercorresponding to the data size of the present invention) to the USB key1, and receives, from the USB key 1, the pseudo random number of thechaotic time series, which is obtained by the pseudo random numbergenerator 14. Moreover, the controller 22 collates the password inputtedfrom the input unit 3 and the password stored in the USB key 1, andpermits the encryption processing when both of the passwords coincidewith each other. The XOR 24 executes an exclusive-OR operation for thepseudo random number of the chaotic time series from the controller 22and the plaintext data, and thus encrypts the plaintext data. Then, theXOR 24 outputs the obtained cryptographic data to the transmission unit25.

Next, description will be made in detail for an action of the encryptiondevice including the cryptographic key constituted as described abovewith reference to FIG. 1 to FIG. 4. FIG. 3 is a diagram explaining aconcrete example of the encryption using the pseudo random number as thecipher key. FIG. 4 is a sequence diagram explaining an encryptionprocessing on a transmission side.

First, the USB key 1 is attached to the personal computer 2 (Step S1),and the personal computer 2 is activated (Step S2). Then, a password ofa user is inputted to the personal computer 2 from the input unit 3(Step S3).

Next, the personal computer 2 makes a request for a password to the USBkey 1 (d1). In the USB key 1, in response to the request for thepassword, the USB controller 12 reads out the password from the memory13 and transmits this password to the personal computer 2 (d2).

Next, the controller 22 in the personal computer 2 determines whetherthe password inputted from the input unit 3 has coincided with thepassword stored in the USB key 1 (Step S5). When both of the passwordsdo not coincide with each other, the encryption processing is notcarried out. When both of the passwords coincide with each other, theencryption processing is permitted, and the number of bytes of theplaintext data is transmitted to the USB key 1 (d3).

In the USB key 1, the pseudo random number generator 14 generates thepseudo random number of the chaotic time series based on the number ofbytes of the received plaintext data, the chaotic function and theinitial value of this chaotic function (Step S7). Then, the USBcontroller 12 transmits the pseudo random number of the chaotic timeseries, which is obtained by the pseudo random number generator 14 andhas a size corresponding to this data size, to the personal computer 2(d4).

In the personal computer 2, the XOR 24 executes the exclusive-ORoperation for the pseudo random number from the controller 22 and theplaintext data, and thus carries out the encryption for the plaintextdata. Then, the XOR 24 outputs the obtained cryptographic data to thetransmission unit 25 (Step S8). For example, as shown in FIG. 3, theplaintext data is defined as “011001,” the random number as the cipherkey is defined as “100100,” and an XOR of the both is taken. Then,“111101” is obtained as cryptographic data. The transmission unit 25transmits the cryptographic data from the XOR 24 to the outside.Moreover, the cryptographic data is stored in the memory 23.

As described above, according to the encryption device of the firstembodiment, the pseudo random number generator 14 is provided in the USBkey 1 as a separate body from the personal computer 2, and only when theencryption is carried out, the USB key 1 is attached to the personalcomputer 2, and the pseudo random number of the chaotic time series istransmitted from the USB key 1 to the personal computer 2. Specifically,since the pseudo random number generator 14 (cryptographic algorithm) isnot provided in the personal computer 2 but built in the body of the USBkey, it becomes difficult for the third party to decipher the pseudorandom number of the chaotic time series as the cipher key. Thus, thedata on the personal computer owned by a person can be prevented frombeing browsed by the third party.

Moreover, files of various formats such as a document and an image canbe encrypted only by inserting the USB key 1 into the personal computer2 at the time of use thereof. Furthermore, if a destination alsopossesses such a USB key 1, then a confidential cryptographic mail bythe cryptographic data can be transmitted to the destination.

Moreover, since the pseudo random number generator 14 is not provided inthe personal computer 2, a processing load of the personal computer 2can be reduced.

Furthermore, since the encryption processing cannot be carried out ifthe password on the USB key 1 side and the password on the personalcomputer 2 side do not coincide with each other, the confidentialitythereof can be further improved.

Moreover, since the plural types of pseudo random numbers of the chaotictime series can be generated by changing the initial value x(0), pluraltypes of the USB keys 1 can be fabricated, thus making it possible touse the keys in plural groups.

Moreover, since the pseudo random number of the chaotic time series canbe generated at a high speed, the mode of this embodiment has anencryption processing speed which is approximately 80 times that of adata encryption standard (DES) mode as a conventional general encryptionmode.

Second Embodiment

Next, description will be made in detail for an encryption/decryptiondevice of a second embodiment according to the present invention. Thisencryption/decryption device is characterized in that it encryptsplaintext data on a transmission side and transmits the data to areception side, then decrypts the cryptographic data received by thereception side, thus obtaining the original plaintext data.

FIG. 5 is a block diagram showing a constitution of theencryption/decryption device of the second embodiment according to thepresent invention. As shown in FIG. 5, the encryption/decryption deviceis constituted by having a personal computer 2 a of the transmissionside, a USB key la attached to this personal computer 2 a, a personalcomputer 2 b of the reception side, a USB key 1 b attached to thispersonal computer 2 b, and the Internet 5 for carrying out mutual datacommunication between both of the personal computers 2 a and 2 b.

The USB key 1 a of the transmission side has the same constitution andfunction as those of the USB key 1 shown in FIG. 1, is constituted to befreely attachable and detachable to/from the personal computer 2 a, andis constituted by having an input/output unit 11 a, a USB controller 12a, a memory 13 a and a pseudo random number generator 14 a. The personalcomputer 2 a of the transmission side has the same constitution andfunction as those of the personal computer 2 shown in FIG. 1, and isconstituted by having an input/output unit 21 a, a controller 22 a, amemory 23 a, an XOR 24 a and a transmission unit 25 a. An input unit 3 aand a display unit 4 a are connected to the personal computer 2 a.

The USB key 1 b of the reception side has the same constitution andfunction as those of the USB key 1 a, is constituted to be freelyattachable and detachable to/from the personal computer 2 b, and isconstituted by having an input/output unit 11 b, a USB controller 12 b,a memory 13 b and a pseudo random number generator 14 b. The memory 13 bstores a password of a person owning a key and an initial value equal toan initial value x(0) of a chaotic function x(t) generated in the pseudorandom number generator 14 a of the transmission side. The USBcontroller 12 b controls the respective units. When the USB key 1 b isattached to the personal computer 2 b, the USB controller 12 b receivesa data size of the cryptographic data from the personal computer 2 b,and transmits the pseudo random number of the chaotic time seriesgenerated in the pseudo random number generator 14 b as a cipher key tothe personal computer 2.

The personal computer 2 b of the reception side has approximately thesame constitution and the same function as those of the personalcomputer 2 a. Upon being equipped with the USB key 1 b, the personalcomputer 2 b transmits the data size of the cryptographic data to theUSB key 1 b, and decrypts the cryptographic data by use of the pseudorandom number of the chaotic time series, which is sent from the USB key1 b, as the cipher key. The personal computer 2 b is constituted byhaving an input/output unit 21 b, a controller 22 b, a memory 23 b, anXOR 24 b and a reception unit 25 b. An input unit 3 b and a display unit4 b are connected to the personal computer 2 b.

The reception unit 25 b receives the cryptographic data from thetransmission side through the Internet 5, and transmits the receivedcryptographic data to the controller 22 b and the XOR 24 b. Upon beingequipped with the USB key 1 b, the controller 22 b receives anattachment signal from the USB key 1 b, transmits the number of bytes ofthe cryptographic data to the USB key 1 b, and receives the pseudorandom number of the chaotic time series, which is obtained by thepseudo random number generator 14 b, from the USB key 1 b. Moreover, thecontroller 22 b collates the password inputted from the input unit 3 band the password stored in the USB key 1 b, and permits the encryptionprocessing when both of the passwords coincide with each other. The XOR24 b executes an exclusive-OR operation for the pseudo random number ofthe chaotic time series from the controller 22 b and the cryptographicdata, and thus carries out the decryption for the cryptographic data.Then, the XOR 24 b obtains plaintext data as the decrypted data.

Next, description will be made for an action of theencryption/decryption device constituted as described above. FIG. 6 is adiagram explaining a concrete example of the encryption and decryption,which, use the pseudo random number as the cipher key. FIG. 7 is asequence diagram explaining a decryption processing on the receptionside.

Note that the encryption processing by the personal computer 2 a and theUSB key 1 a on the transmission side is the same as the processing inthe sequence diagram shown in FIG. 4. Therefore, here, descriptionthereof will be omitted, and description will be made only for adecryption processing by the personal computer 2 b and the USB key 1 bon the reception side.

First, the cryptographic data is transmitted to the personal computer 2b of the reception side through the Internet 5.

Meanwhile, on the reception side, the USB key 1 b is attached to thepersonal computer 2 b (Step S11), and the personal computer 2 b isactivated (Step S12). Then, a password of a user is inputted from theinput unit 3 b to the personal computer 2 b (Step S13).

Next, the personal computer 2 b makes a request for a password to theUSB key 1 b (d11). In the USB key 1 b, in response to the request forthe password, the USB controller 12 b reads out the password from thememory 13 b, and transmits this password to the personal computer 2 b(d12).

Next, the controller 22 b in the personal computer 2 b determineswhether the password inputted from the input unit 3 b has coincided withthe password stored in the USB key 1 b (Step S15). When both of thepasswords do not coincide with each other, the decryption processing isnot carried out. When both of the passwords coincide with each other,the decryption processing is permitted, and the number of bytes of thecryptographic data is transmitted to the USB key 1 b (d13).

In the USB key 1 b, the pseudo random number generator 14 b generatesthe pseudo random number of the chaotic time series based on the numberof bytes of the received cryptographic data, the chaotic function andthe initial value of this chaotic function (Step S17). Then, the USBcontroller 12 b transmits the pseudo random number obtained by thepseudo random number generator 14 b to the personal computer 2 b (d14).

In the personal computer 2 b, the XOR 24 b executes the exclusive-ORoperation for the pseudo random number from the controller 22 b and thecryptographic data, and thus carries out the decryption for thecryptographic data. Then, the XOR 24 b obtains the plaintext data as thedecrypted data (Step S18). For example, as shown in FIG. 6, thecryptographic data is defined as “111101,” the random number as thecipher key is defined as “100100,” and an XOR of the both is taken.Then, “011001” is obtained as decrypted data, which becomes equal to theplaintext data.

As described above, according to the encryption/decryption device of thesecond embodiment, since the USB key 1 a and the personal computer 2 aconstitute the encryption device, a similar effect to that of theencryption device of the first embodiment is obtained.

Moreover, the pseudo random number generator 14 b is provided in the USBkey 1 b as a separate body from the personal computer 2 b, and only whenthe decryption is carried out, the USB key 1 b is attached to thepersonal computer 2 b, and the pseudo random number is transmitted fromthe USB key 1 b to the personal computer 2 b. Specifically, since thepseudo random number generator 14 b is not made to reside in thepersonal computer 2 b but built in the body of the USB key, it becomesdifficult for the third party to decipher the pseudo random number ofthe chaotic time series as the cipher key. Moreover, since a filecomposed of the data cannot be browsed without the USB key 1 b,confidentiality thereof can be enhanced.

In this case, the same initial value x(0) is given to the pseudo randomnumber generator 14 a of the transmission side for the encryption andthe pseudo random number generator 14 b of the reception side for thedecryption, respectively. Therefore, the pseudo random number for theencryption and the pseudo random number for the description aremaintained to be the same. Moreover, the cryptographic data can bedecrypted while being synchronized between the transmission andreception sides by utilizing characteristics of the exclusive-ORoperation. The characteristics of the exclusive-OR operation are asfollows. First, cryptographic data is obtained by taking an exclusive-ORof certain plaintext data and a certain pseudo random number. Then, whenanother exclusive-OR of the above cryptographic data and the same pseudorandom number is taken, the cryptographic data return to the originalplaintext data. In such a manner as described above, necessary plaintextdata can be communicated accurately to a destination.

Moreover, since the pseudo random number generator 14 b is not providedin the personal computer 2 b, a processing load of the personal computer2 b can be reduced.

Furthermore, since the decryption processing cannot be carried outunless the password on the USB key 1 b side and the password on thepersonal computer 2 b side coincide with each other, the confidentialitythereof can be further improved.

Moreover, since the plural types of pseudo random numbers of the chaotictime series can be generated by changing the initial value x(0), pluraltypes of the USB keys 1 can be fabricated, thus making it possible touse the keys in plural groups.

Next, description will be made in detail for a communication processingbetween the USB key and the personal computer, which are provided oneach of the transmission side and the reception side, with reference tothe sequence diagram of FIG. 8.

First, the personal computer 2 makes a request for setup acknowledgmentto the USB key 1 (d21). Then, the USB key 1 determines a state of itsown (Step S21). As a determination result thereof, the USB key 1 returnsACK (setup OK), NAK (under another processing or setup NG) or STALL(some errors) to the personal computer 2 (d22).

Next, the personal computer 2 receives the determination result of theUSB key 1, and determines which of ACK, NAK and STALL the receivedresult is (Step S22). When the received result is NAK, the processingreturns to d21, and when the result is STALL, an error message isdisplayed (Step S23). When the result is ACK, the personal computer 2transmits cipher key information (data size) to the USB key 1, and makesa request for creation of a pseudo random number (PN code) thereto(d23).

Meanwhile, in the USB key 1, the pseudo random number generator 14creates a PN code sequence of the chaotic time series based on the datasize of the cipher key information, the chaotic function and the initialvalue of the chaotic function (Step S24). Then, the USB key 1 returnsDATA0/1 (PN code sequence data composed of “0” and “1”), NAK (undercreation of the PN code sequence) or STALL (some errors) to the personalcomputer 2 depending on a state of creating the PN code sequence (d24).

Next, the personal computer 2 receives the determination result of theUSB key 1, and determines which of DATA0/1, NAK and STALL the receivedresult is (Step S25). When the received result is NAK, the processingreturns to d23, and when the result is STALL, an error message isdisplayed (Step S26). When the result is DATA0/1, the personal computer2 makes a request to the USB key 1 for notification of completing thereception of the PN code sequence (d25).

In the USB key 1, the termination of creating the PN code sequence isacknowledged (Step S27). Depending on the creation state, the USB key 1returns ACK (termination acknowledged), NAK (under some processings) orSTALL (some errors) to the personal computer 2 (d26).

Next, the personal computer 2 receives the determination result of theUSB key 1, and determines which of ACK, NAK and STALL the receivedresult is (Step S28). When the received result is NAK, the processingreturns to d25, and when the result is STALL, an error message isdisplayed (Step S29). When the result is ACK, the personal computer 2 ison standby, that is, in an idle-state until the next command (Step S30).

As described above, the USB key 1 is attached to the personal computer2, and thus communication through USB ports can be carried out duringthe encryption and the decryption.

(Pseudo Random Number Generator)

Next, description will be made for a concrete circuit configuration ofthe above-mentioned pseudo random number generator 14. FIG. 9 is a blockdiagram schematically showing a constitution of the pseudo random numbergenerator. As shown in FIG. 9, the pseudo random number generator 14 isconstituted by including: a chaos generation loop 63 constituted byincluding a pair of one-dimensional map circuits 43 and 51 of one-inputone-output mode for generating the chaotic function, each havingnon-linear input/output characteristics, a pair of CMOS switches 45 and53 for alternately performing opening and closing actions for paths onoutput sides of the respective one-dimensional map circuits 45 and 53 insynchronization with an external clock, and a pair of feedback loops 47and 55 for feedbacking analog outputs of the respective one-dimensionalmap circuits 43 and 51 through the respective CMOS switches 45 and 53 toinput sides of the one-dimensional map circuits 43 and 51 in a crossingmanner; a pair of AD converters 49 and 57 for converting, into digitalsignals, the analog outputs of the respective one-dimensional mapcircuits 43 and 51, which are taken out through the respective CMOSswitches 45 and 53; a DA converter 65 for converting an initial valuex(0) given in a digital signal mode into an analog signal; and a CMOSswitch 67 for performing opening and closing actions for a path on anoutput side of the DA converter 65 in synchronization with the externalclock.

With the elapse of a discrete time t (0, 1, 2, . . . ) defined by theexternal clock in the chaos generation loop 63, the respectiveone-dimensional map circuits 43 and 51 iterate the mapping alternately.Thus, the pseudo random number generator 14 outputs binary sequences aschaotic time series through the respective AD converters 49 and 57.

FIG. 10 is a diagram showing a circuit obtained by integrating thepseudo random number generator 14 shown in FIG. 9. Note that FIG. 9 andFIG. 10 are drawn so as to correspond to each other, and that commonreference numerals are added to members common to both of the drawings.An internal constitution for each block of the pseudo random numbergenerator 14 shown in FIG. 9 will be mentioned with reference to FIG.10.

Each of the one-dimensional map circuits 43 and 51 having input/outputcharacteristics of an approximately “N” shaped form is constituted byincluding six MOS transistors. In FIG. 10, a channel dimension ratio W/L(where W is a width and L is a length) of each transistor is representedas a weight by a number. A CMOS inverter at the first stage gives anincreasing function, and a CMOS inverter at the second stage gives adecreasing function. Function composition is carried out bystandardizing inputs and outputs of both of the CMOS inverters, andconsequently, the input/output characteristics of the approximately “N”shaped form are obtained.

Upon receiving external adjustment voltages 71 and 73, a CMOS inverterat the third stage distorts the input/output characteristics owned bythe one-dimensional map circuits 43 and 51. Voltage values of theexternal adjustment voltages 71 and 73 may be equal to each other, ormay be different from each other. Furthermore, at least any one of theexternal adjustment voltages 71 and 73 may be omitted.

The external adjustment voltages given to input terminals 71 and 73 maybe given by converting digital codes preset by the computer into analogvoltages by the DA converter. In this case, the values of the externaladjustment voltages are changed in the form of step in accordance with aquantization resolution of the DA converter.

Each of CMOS switches 45, 53 and 67 is constituted by combining the CMOSinverter with a transmission gate in which a PMOS transistor and an NMOStransistor are connected in parallel. The CMOS switch is opened andclosed in accordance with a control signal given to each of inputterminals 75, 77 and 79.

A reset pulse giving an initial value is applied to the input terminal75, and the value of the initial value x(0) is given through the DAconverter 65. Specifically, the initial value x(0) of the inner state ofthe loop at the discrete time t=0 is given to the one-dimensional mapcircuit 51 through the DA converter 65 and the CMOS switch 67. Forexample, in a system adopting the DA converter 65 having thequantization resolution of 12 bits, types of the initial values x(0)that can be given reach 2¹²=4096.

External clocks (discrete times t) given to the input terminals 77 and79 are set as rectangular waves that are not superposed on each other.The maximum clock frequency in this case controls the processing speedof this pseudo random number generator. The processing speed is decideddepending on an internal state decision speed of the one-dimensional mapcircuit. When individual parts are breadboarded on a printed board, theclock frequency can be increased up to 20 kHz. This one-dimensional mapcircuit aims to be made into a chip as an integrated circuit using astandard CMOS integrated circuit technology. In the manufacturing of aprototype thereof on the assumption that the minimum dimension is equalto 0.8 μm, it has been confirmed by a simulation that thisone-dimensional map circuit acts on a clock frequency of 1 MHz.

The AD converters 49 and 57 outputting 1-bit data receive the respectiveoutputs of the one-dimensional map circuits 43 and 51 through the CMOSswitches 45 and 53, which open and close alternately in synchronizationwith the external clocks. Then, the AD converters 49 and 57 outputbinary code sequences each in accordance with input levels.

Specifically, by a comparator, each of the AD converters 49 and 57compares an output -voltage of each of the one-dimensional map circuits43 and 51 with a reference voltage obtained by dividing an appliedvoltage by a pair of resistors rA and rB. Then, each of the ADconverters 49 and 57 creates a signal of “0” or “1” by converting thevoltage selected in accordance with a magnitude relationship of the bothvoltages. As the external clocks (discrete time t) proceed, binary codetime series data are taken out alternately from output terminals 59 and61. The binary code time series data that are taken out are array data,each having a random number with “0” and “1” mixed randomly. When asymmetry of the input/output characteristics owned by each of theone-dimensional map circuits 43 and 51 is maintained well, occurrencefrequencies of “0” and “1” become approximately equal to each other. Inthis case, isolated “0” or “1” occurs at a frequency twice that of avalue having continuous numbers such as “00” and “11.” A binary codetime series is obtained, in which both of the binary code time seriestaken out alternately from the respective output terminals 59 and 61 asdescribed above are arrayed in accordance with an integral time series.Thus, the pseudo random number of the chaotic time series can begenerated.

When viewing a world from a viewpoint of the chaos, two same things arenever present in the world. Moreover, when paying attention to therespective input/output characteristics owned by a one-dimensional mapcircuit, it is pretty difficult to maintain a symmetry thereofcompletely. Furthermore, it is also pretty difficult to allow therespective input/output characteristics owned by the pair ofone-dimensional map circuits 43 and 51 to coincide with each othercompletely. In addition, no assurance exists that the AD converters 49and 57 carry out the same quantization. In order to wipe away variousdoubts as described above, it can be said to be extremely effective forthe pseudo random number generator to be implemented as hardware becausesuch hardware implementation makes it possible to produce the sameintegrated circuits through industrial mass production processes.

In the industrial technology of the chaos, the maintaining of theinitial value sensitivity is an extremely important factor. In thepresent invention, the initial value sensitivity is given through the DAconverter 65. Specifically, with regard to the pair of outputs 59, 61 ofthe binary code time series with initial values different from eachother as starting points, the both are not superposed on each other evenif they are to be superposed while shifting phases thereof in anymanner. Thus, the time series are obtained, in which bothauto-correlations and a cross-correlation are sufficiently small.

Now, a binary code time series, in which values taken out alternatelyfrom the output terminals 59 and 61 are arrayed in time series, will bedefined as Y(t). In examples where periodic sequences are cut out to bemade as PN signals, it is only an example that, for example, the binarysequence PN signal of 64-bit period is cut into Y(0) to Y(63), Y(64) toY(127), . . . . If the inner state of the chaos is observed up tot=2¹⁶=65536, then 1024 types of binary sequence PN signals of 64-bitperiod are obtained. When the quantization resolution of the DAconverter 65 giving the initial values is set at 12 bits, the initialvalues can be given in 2¹²=4096 ways. The types of the PN signalsobtained in this case reach 4,194,304.

However, there is no assurance that all the types of the PN signals thustaken out can be used independently. This is because theunpredictability exerted by the sequence of the chaotic codes as the PNsignals greatly depends on parameters such as the individualinput/output characteristics owned by the one-dimensional map circuitand the given initial values. Hence, with regard to the PN signals thustaken out, it is necessary to investigate the auto-correlations andcross-correlation thereof while changing the phases and to verify inadvance that the degrees of correlation are sufficiently small in thesequence other than the period.

In the above-described pseudo random number generator 14, the symmetryof each input/output characteristics owned by each of theone-dimensional map circuits 43 and 51 directly affects outputdistributions of “0,” and “1” in the binary code time series taken outfrom each of the output terminals 59 and 61. In general, in the case ofan ideal-pseudo random number, the output distributions of “0” and “1”become even in ratio. When it is desired that the pseudo random numbergenerator 14 act in such a manner, it is satisfactory that theone-dimensional map circuits 43 and 51 may be designed such that theone-dimensional map circuits 43 and 51 have input/output characteristicsequal to each other, and that the symmetries thereof are maintainedwell.

However, the pseudo random number generator as the industrial technologydoes not necessarily require that the output distributions of “0” and“1” become even in ratio. The reason is as follows. Only if thenecessary condition that the auto-correlations and the cross-correlationwhen shifting the phases are sufficiently small is satisfied, nodisadvantage occurs from a viewpoint of the confidentiality of thecipher even if the ratio of the output distributions of “0” and “1” isbiased in a cryptogram code of a stream cipher. Particularly, the way ofthinking as below can be adopted. Specifically, because a third partycertainly fails to decipher a cryptogram code when it attempts todecipher the cryptogram code on the assumption that a symmetry thereofis maintained well in the case where the one-dimensional map circuits 43and 51 are dared to be designed so that the symmetry is spoiled,robustness of the cryptographic system is rather strengthened.

Moreover, there is no necessity of making the input/outputcharacteristics owned by the one-dimensional map circuits 43 and 51equivalent to each other. Each of the one-dimensional map circuits 43and 51 can be realized by giving weights to the respective transistorsas constituents of its own so that the weights are intentionally madedifferent from one another. Furthermore, even if a design is made sothat the input/output characteristics owned by the circuits 43 and 51are made equivalent to each other, the equivalence of the input/outputcharacteristics of their own can be broken by giving external adjustmentvoltages different from each other for each of the circuits 43 and 51independently. Furthermore, a design may be made such that distortedinput/output characteristics are combined with each other, aiming toexpand a dynamic range of the map.

In the pseudo random number generator 14 described above, on theassumption that the DA converter and the clock generator are notincluded in an object to be made into one chip, as shown in FIG. 10, apseudo random number generator can be realized, in which a sufficientlysmall-scale integrated circuit is made into one chip. While the chaosgeneration loop 63 including the pair of one-dimensional map circuits 43and 51 as principal portions of the pseudo random number generator 14 isconstituted of an analog circuit, the DA converter and the clockgenerator can be constituted of digital circuits. Therefore, it willalso be facilitated to make an integrated circuit including all of theabove into one chip.

In general, the CMOS integrated circuit is designed and realized in theenhanced mode. However, preferably, the CMOS source follower at thefirst stage, which is a constituent of each of the one-dimensional mapcircuits 43 and 51 included in the pseudo random number generator 14, isdesigned and realized in the depression mode. With such a constitution,the MOS transistor can be designed so that a weight thereof is reduced,and thus a well-balanced mask design of the one-dimensional map circuitcan be realized.

The symmetries of the input/output characteristics of theone-dimensional map circuits 43 and 51 and the parameters includingmatching or unmatching between the input/output characteristics owned bythe pair of one-dimensional map circuits 43 and 51 are combined withthe, initial value sensitivity particular to the chaos, thus breakingthe occurrence balance of “0” and “1” of the obtained binary sequencesfinely. A swing phenomenon particular to the chaos, which is originatedfrom variation of the parameters as described above, can contribute tothe improvement of the robustness of the chaotic stream cipher.

Third Embodiment

Next, description will be made in detail for a cryptographic keymanagement device of a third embodiment according to the presentinvention. FIG. 11 is a block diagram showing a constitution of thecryptographic key management device of the third embodiment according tothe present invention. The cryptographic key management device shown inFIG. 11 manages a USB key 1 c constituted to be freely attachable anddetachable to/from a personal computer 2 c, and is characterized in thatthe personal computer 2 c can rewrite a program of a memory 13 c in theUSB key 1 c.

In FIG. 11, the USB key 1 c is constituted by having an input/outputunit 11, a USB controller 12 c, a memory 13 c, and a pseudo randomnumber generator 14. The memory 13 c is an EEPROM, in which informationis not deleted even if a power source is turned off and data writing anddeletion are possible, that is, a flash memory. As shown in FIG. 12, thememory 13 c has an application program area AE1 for storing anapplication program from an address (0000), an initial value, anapplication password PW1 for permission and refusal of use of theapplication program, an update password PW2 for indicating permissionand refusal of update of the application program of the applicationprogram area AE1 (hereinafter, referred to as an update), and a programupdate area AE2 for storing the update program in a unit of apredetermined length (for example, 128 bytes) in an area from an address(F800) to an address (FFFF).

The personal computer 2 c is constituted by having an input/output unit21, a controller 22 c, a memory 23 c, an XOR 24 and a transmission unit25. An input unit 3 and a display unit 4 are connected to the personalcomputer 2 c. Note that, while the personal computer 2 c creatingcryptographic data is exemplified as a personal computer, a personalcomputer decrypting the cryptographic data, for example, the personalcomputer 2 b shown in FIG. 5 may be used instead.

The memory 23 c has a management program 81 for managing the memory 13 cof the USB key 1 c and an update program 82. When updating theapplication program of the application program area in the memory 13 cof the USB key 1 c, the controller 22 c sends out a delete command tothe USB key 1 c to delete the update password therefrom. Then, afterdeleting the update password, the controller 22 c transmits the updateprogram in the unit of the predetermined length to the USB key 1 c.

The USB controller 12 c in the USB key 1 c turns into an update mode bythe deletion of the update password. The USB controller 12 c stores theupdate program from the personal computer 2 c in the unit of thepredetermined length in the program update area, and transports theupdate program, which is stored in the program update area, in the unitof the predetermined length to the application program area.

Next, description will be made for a processing of rewriting the programof the memory in the USB key from the personal computer of thecryptographic key management device of the third embodiment withreference to FIG. 13.

First, the USB key 1 c is attached to the personal computer 2 c (StepS31). When updating the application program in the application programarea in the memory of the USB key 1 c, the personal computer 2 cactivates the management program 81 (Step S32). Then, the personalcomputer 2 c transmits the delete command for deleting the updatepassword to the USB key 1 c (d31). Furthermore, the personal computer 2c activates the update program (Step S33).

Meanwhile, in the USB key 1 c, the USB controller 12 c deletes an isupdate password in the memory 13 c by the received delete command (StepS34), and turns into the update mode (Step S35). Then, the USB key 1 ctransmits update mode information to the personal computer 2 c (d32).

The personal computer 2 c recognizes that the USB key 1 c is in theupdate mode from the received update mode information (Step S36). Aftertransmitting a rewrite command to the USB key 1 c (d33), the personalcomputer 2 c transmits data of the update program in a unit ofpredetermined bytes to the USB key 1 c (d34).

Meanwhile, in the USB key 1 c, the USB controller 12 c writes the updateprogram from the personal computer 2 c in the unit of predeterminedbytes into the program update area in accordance with the receivedrewrite command. In this case, since an update password is included inthe update program, the update password is also written into the memory13 c (Step S37).

Furthermore, the USB controller 12 c transports the update programstored in the program update area in the unit of predetermined bytes tothe application program area (Step S38).

Hence, the application program in the memory of the USB key 1 c can beeasily rewritten from the personal computer 2 c. Moreover, the rewriteof the application program is determined depending on whether or not theupdate password exists. Therefore, only a specific person can rewritethe application program.

In the above, description has been made only for the processing ofrewriting the application program. Description will be made foractivation of the application program and the update program in thememory in the USB key with reference to FIG. 14.

First, when the power source is turned on (Step S41), the USB controller12 c of the USB key 1 c determines whether or not there is the updatepassword in the memory 13 c (Step S42). When there is the updatepassword, the USB controller 12 c activates the application program inthe application program area, and executes a processing from the address(0000) as the storage area (Step S43). Specifically, a usual processingcan be carried out by activating the application program.

Meanwhile, when there is not the update password, the process jumps toan address (F800) in the storage area (Step S44), the update program inthe program update area is activated, and a processing is executed fromthe address (F800) (Step S45). Specifically, the update processing canbe carried out by activating the update program.

Fourth Embodiment

Next, description will be made in detail for a cryptographic keymanagement device of a fourth embodiment according to the presentinvention. FIG. 15 is a block diagram showing a constitution of acryptographic key management device of the fourth embodiment accordingto the present invention. The cryptographic key management device shownin FIG. 15 manages a USB key 1 d constituted to be freely attachable anddetachable to/from a personal computer 2 d, and is characterized in thatthe personal computer 2 d can register an initial value of a chaoticfunction in a memory 13 d in the USB key 1 d.

In FIG. 15, the USB key 1 d is constituted by having an input/outputunit 11, a USB controller 12 d, a memory 13 d, and a pseudo randomnumber generator 14.

The personal computer 2 d is constituted by having an input/output unit21, a controller 22 d, and a memory 23 d. An input unit 3 and a displayunit 4 are connected to the personal computer 2 d. The input unit 3inputs a product number of the USB key and the initial value for eachUSB key 1 d. The controller 22 d allows an initial value table 83 tostore the product number of the USB key and the initial value for eachUSB key 1 d, which are inputted by the input, unit 3.

As shown in FIG. 16, the memory 23 d has the initial value table 83storing the product number of the USB key and the initial value (key ID)of the chaotic function, which are made to correspond to each other, foreach USB key 1 d. Upon being equipped with the USB key 1 d, thecontroller 22 d reads out the initial value corresponding to the productnumber of the USB key 1 d from the initial value table 83, and transmitsthe initial value to is the USB key 1 d. The USB controller 12 d of theUSB key 1 d allows the memory 13 d to store the initial value sent fromthe personal computer 2 d.

Next, description will be made for a processing of preparing the initialvalue table by the personal computer of the cryptographic key managementdevice of the fourth embodiment with reference to FIG. 17.

First, a determination is made as to whether or not the product numberof the USB key 1 d has been inputted (Step S51). In the case where theproduct number of the USB key 1 d has been inputted, the product numberof the USB key 1 d is stored in the initial value table 83 (Step S52).

Next, a determination is made as to whether or not the initial value hasbeen inputted (Step S53). In the case where the initial value has beeninputted, the initial value is stored in the initial value table 83(Step S54).

Next, a determination is made as to whether or not the storingprocessing is terminated for all the USB keys 1 d (Step S55). In thecase where the storing processing is not terminated for all the USB keys1 d, the processing returns to Step S51, from which the processing isexecuted repeatedly. With such a processing, the initial value table 83as shown in FIG. 16 can be prepared, and by the prepared initial valuetable 83, the initial value can be managed for each USB key 1 d.

Next, description will be made for a processing of registering theinitial value from the personal computer 2 d of the cryptographic keymanagement device of the fourth embodiment to the memory 13 d of the USBkey 1 d with reference to FIG. 18.

First, the personal computer 2 d determines whether or not the USB key 1d has been attached thereto (Step S61). When the USB key 1 d has beenattached thereto, the product number of the USB key 1 d is inputtedthereto (Step S62).

Then, the controller 22 d reads out the initial value corresponding tothe inputted product number of the USB key 1 d from the initial valuetable 83 (Step S63), and transmits the read-out initial value to the USBkey 1 d (Step S64).

Next, the USB key 1 d stores the initial value from the personalcomputer 2 d in the memory 13 c (Step S65).

Next, a determination is made as to whether or not the processing ofregistering the initial value is terminated for all the USB keys 1 d(Step S66). In the case where such initial value registration processingis not terminated for all the USB key 1 d, the processing returns toStep S61, from which the processing is executed repeatedly.

Hence, from the personal computer 2 d, the initial value correspondingto the USB key 1 d can be registered in the memory 13 d in the USB key 1d for each USB key 1 d.

Although the initial value has been written into an IC of another chipheretofore, the initial value can be written into the flash memory ofthe CPU in this embodiment.

Fifth Embodiment

Next, description will be made in detail for a decryption device of afifth embodiment according to the present invention. FIG. 19 is a blockdiagram showing a constitution of the decryption device of the fifthembodiment according to the present invention. The decryption deviceshown in FIG. 19 decrypts cryptographic data by use of a USB key 1 econstituted to be freely attachable and detachable to/from a personalcomputer 2 e, and is characterized in that it has a group password as aninitial value to make it possible to share a cryptographic file havingcryptographic data in a group.

The personal computer 2 e is constituted by having an input/output unit21, a controller 22 e, a memory 23, an XOR 24 and a cryptographic file26. An input unit 3 and a display unit 4 are connected to the personalcomputer 2 e. As shown in FIG. 20, the cryptographic file 26 has thecryptographic data in a cryptographic data area. Moreover, in a headerarea, the cryptographic file 26 has an extension (yzg) as group modeinformation for indicating that a plurality of users can use thecryptographic data and has a group ID as a group password inherent inthe plurality of users who can use the cryptographic data.

The controller 22 e determines whether or not an ID inputted from theinput unit 3 has coincided with the group ID stored in the cryptographicfile 26. When the controller 22 e determines that the ID inputted fromthe input unit 3 has coincided with the group ID, the controller 22 etransmits the group ID as an initial value of a chaotic function to theUSB key 1 e, and also transmits a data size of the cryptographic datathereto. The XOR 24 receives, as a cipher key, a pseudo random number ofa chaotic time series, which is generated in a pseudo random numbergenerator 14 e, and also receives the cryptographic data from thecryptographic file 26. Then, the XOR 24 decrypts the cryptographic databy use of the pseudo random number.

The USB key 1 e is constituted by having an input/output unit 11, a USBcontroller 12 e, a memory 13 and the pseudo random number generator 14e. The pseudo random number generator 14 e generates the pseudo randomnumber of the chaotic time series based on the data size of thecryptographic data, the chaotic function and the group ID as the initialvalue of the chaotic function from the personal computer 2 e.

Next, description will be made for a decryption processing of thedecryption device of the fifth embodiment with reference to FIG. 21.

First, the controller 22 e of the personal computer 2 e reads out anextension from the cryptographic file 26 (Step S71), and determineswhether or not the extension is yzg as the group mode information (StepS72). When the extension is yzg, the controller 22 e reads out the groupID of the cryptographic data 26 (Step S73).

Next, upon receiving the group ID (Step S74), the controller 22 edetermines whether or not the inputted group ID and the group ID storedin the cryptographic file 26 coincide with each other (Step S75). Whenthe group IDs coincide with each other, the controller 22 transmits thegroup ID and the data size of the cryptographic data to the USB key 1 e.

Meanwhile, the USB key 1 e generates the pseudo random number of thechaotic time series based on the data size of the cryptographic data,the chaotic function and the group ID as the initial value of thechaotic function from the personal computer 2 e. Then, the USB key 1 etransmits the generated pseudo random number of the chaotic time seriesas the cipher key to the personal computer 2 e.

The personal computer 2 e acquires the pseudo random number from the USBkey 1 e (Step S77). The XOR 24 decrypts the cryptographic data in thecryptographic file 26 by use of the pseudo random number from the USBkey 1 e. Specifically, the group ID is defined as the initial value ofthe chaotic function, thus making it possible to share the cryptographicfile 26 in the group composed of the plurality of users.

Moreover, only when there is the extension yzg as the group modeinformation and the inputted ID coincides with the group ID stored inthe cryptographic file 26, the cryptographic file 26 can be shared inthe group composed of the plurality of users. Specifically theconfidentiality of the data can be further improved.

According to the first aspect of the present invention, since the pseudorandom number generator (cryptographic algorithm) is not made to residein the external device but built in the body of the cryptographic key,it becomes difficult for the third party to decipher the pseudo randomnumber of the chaotic time series as the cipher key. Thus, the data onthe personal computer owned by a person can be prevented from beingbrowsed by the third party.

According to the second aspect of the present invention, the pair ofone-dimensional map circuits iterate the mapping alternately, and theanalog outputs obtained by the mapping are feedbacked in the crossingmanner. Therefore, the divergence and convergence of the analog outputswoven by the pair of one-dimensional map circuits are combined with theinitial value sensitivity particular to the chaos, thus breaking theoccurrence balance of “0” and “1” of the obtained binary sequencesfinely. Such a swing phenomenon particular to the chaos can contributeto the improvement of robustness of the stream cipher using the chaos.

According to the third aspect of the present invention, the initialvalue sensitivity is given through the DA converter. Therefore, withregard to the pair of binary sequences with the initial values differentfrom each other as starting points, the both are not superposed on eachother even if they are to be superposed while shifting phases thereof inany manner. Thus, it is made possible to obtain the chaotic time seriesin which both of the auto-correlations and the cross-correlation aresufficiently small.

Furthermore, according to the fourth aspect of the present invention, itis made possible to adjust the input/output characteristics owned by theone-dimensional map circuit from the outside. Consequently, the types ofthe chaotic time series that can be taken out can be further increased.

According to the fifth aspect of the present invention, when thecryptographic key is attached to the external device, the externaldevice transmits the data size of the plaintext data to thecryptographic key, and encrypts the plaintext data by use of the pseudorandom number of the chaotic time series as the cipher key, the pseudorandom number being sent from the cryptographic key. Therefore, thesimilar effect to that of the first aspect is obtained, and thecryptographic data having high confidentiality can be created.

According to the sixth aspect of the present invention, the exclusive-ORoperation for the pseudo random number obtained by the pseudo randomnumber generator and the plaintext data is executed, thus making itpossible to encrypt the plaintext data.

According to the seventh aspect of the present invention, the externaldevice permits the encryption processing when the password inputted fromthe input unit and the first password stored in the cryptographic keycoincide with each other. Therefore, the confidentiality can beenhanced.

According to the eighth aspect of the present invention, the firstexternal device transmits the data size of the plaintext data to thefirst cryptographic key upon being equipped with the first cryptographickey, and encrypts the plaintext data by use of the pseudo random numberof the chaotic time series from the first cryptographic key to createthe cryptographic data. Moreover, the second external device receivesthe cryptographic data from the first external device, and transmits thedata size of the cryptographic data to the second cryptographic key uponbeing equipped with the second cryptographic key, then decrypts thecryptographic data by use of the pseudo random number of the chaotictime series from the second cryptographic key. Therefore, the plaintextdata on the transmission side can be obtained on the reception side.

According to the ninth aspect of the present invention, the firstexternal device executes the exclusive-OR operation for the pseudorandom number obtained by the pseudo random number generator in thefirst cryptographic key and the plaintext data to encrypt the plaintextdata. Moreover, the second external device executes the exclusive-ORoperation for the pseudo random number obtained by the pseudo randomnumber generator in the second cryptographic key and the cryptographicdata to decrypt the cryptographic data. Therefore, the plaintext data onthe transmission side can be obtained on the reception side.

According to the tenth aspect of the present invention, the encryptionprocessing is permitted on the transmission side when both of thepasswords coincide with each other, and the decryption processing ispermitted on the reception side when both of the passwords coincide witheach other. Therefore, the confidentiality can be enhanced on each ofthe transmission and reception sides.

According to the eleventh aspect of the present invention, the externaldevice sends out the delete command to the cryptographic key to deletethe update password therefrom when updating the program of the programarea in the memory. Then, the external device transmits the updateprogram in the unit of the predetermined length to the cryptographic keyafter deleting the update password. Meanwhile, the cryptographic keyturns into the update mode by the deletion of the update password, andstores the update program from the external device in the unit of thepredetermined length in the program update area. Then, the cryptographickey transports the update program in the unit of the predeterminedlength to the program area, the update program being stored in theprogram update area. Therefore, the program in the memory of thecryptographic key can be rewritten from the external device easily, andthe rewrite of the program is determined depending on whether or not theupdate password exists. Therefore, only the specific person can rewritethe program.

According to the twelfth aspect of the present invention, thecryptographic key can store the update password from the external devicein the memory when storing the update program from the external devicein the program update area.

According to the thirteenth aspect of the present invention, thecryptographic key can activate the program of the program area when theupdate password is stored in the memory when the power source is turnedon, thus making it possible to carry out the usual processing.

According to the fourteenth aspect of the present invention, theexternal device reads out the initial value corresponding to thecryptographic key number from the initial value table to transmit theinitial value to the cryptographic key upon being equipped with thecryptographic key. Meanwhile, the cryptographic key stores the initialvalue from the external device in the memory, and generates the pseudorandom number of the chaotic time series based on the initial valuestored in the memory, the data size of the data and the chaoticfunction. Hence, from the external device, the initial valuecorresponding to the cryptographic key can be registered in the memoryin the cryptographic key for each cryptographic key.

According to the fifteenth aspect of the present invention, when theinput unit inputs the cryptographic key number and the initial value foreach cryptographic key, the storage control units allows the initialvalue table to store the cryptographic key number and the initial valuefor each cryptographic key, which are inputted from the input unit.Therefore, the initial value can be managed for each cryptographic keyby the created initial value table.

According to the sixteenth aspect of the present invention, the externaldevice transmits the group password and the data size of thecryptographic data to the cryptographic key when the inputted passwordcoincides with the group password stored in the cryptographic file.Meanwhile, the cryptographic key generates the pseudo random number ofthe chaotic time series based on the data size of the cryptographic datafrom the external device, the chaotic function and the group password asthe initial value of the chaotic function. Then, the cryptographic keytransmits the generated pseudo random number of the chaotic time seriesas the cipher key to the external device. The external device decryptsthe cryptographic data in the cryptographic file by use of the cipherkey from the cryptographic key. Specifically, the group password isdefined as the initial value, thus making it possible to share thecryptographic file in the group composed of the plurality of users.

According to the seventeenth aspect of the present invention, theexternal device determines whether or not the group mode information isin the cryptographic file. When the group mode information is in thecryptographic file, the external device requests input of the password.Therefore, only when there is the group mode information and theinputted password coincides with the group password stored in thecryptographic file, the cryptographic file can be shared in the groupcomposed of the plurality of users.

The entire content of Japanese Patent Application No. P2001-351903 witha filing data of Nov. 16, 2001 is herein incorporated by reference.

Although the present invention has been described above by reference tocertain embodiment, the invention is not limited to the embodimentdescribed above and modifications will occur to those skilled in theart, in light of the teachings. The scope of the invention is definedwith reference to the following claims.

1-7. (canceled)
 8. An encryption/decryption device for encrypting anddecrypting plaintext data by use of a cipher key, theencryption/decryption device comprising: a first cryptographic keyhaving a pseudo random number generator for generating a pseudo randomnumber of a chaotic time series based on a data size of the plaintextdata, a chaotic function and an initial value of the chaotic function; asecond cryptographic key having a same constitution as the firstcryptographic key; a first external device for transmitting the datasize of the plaintext data to the first cryptographic key upon beingequipped with the first cryptographic key, and for encrypting theplaintext data by use of the pseudo random number of the chaotic timeseries from the first cryptographic key as the cipher key to createcryptographic data; and a second external device for receiving thecryptographic data from the first external device for transmitting adata size of the cryptographic data to the second cryptographic key uponbeing equipped with the second cryptographic key, and for decrypting thecryptographic data by use of the pseudo random number of the chaotictime series from the second cryptographic key as the cipher key.
 9. Theencryption/decryption device according to claim 8, wherein the firstexternal device executes an exclusive-OR operation for the pseudo randomnumber obtained by the pseudo random number generator in the firstcryptographic key and the plaintext data to encrypt the plaintext data,and the second external device executes an exclusive-OR operation forthe pseudo random number obtained by the pseudo random number generatorin the second cryptographic key and the cryptographic data to decryptthe cryptographic data.
 10. The encryption/decryption device accordingto claim 8, wherein the first cryptographic key stores a first passwordin advance, the second cryptographic key stores a second password inadvance, the first external device collates a password inputted from afirst input unit and the first password stored in the firstcryptographic key, and permits an encryption processing when both of thepasswords coincide with each other, and the second external devicecollates a password inputted from a second input unit and the secondpassword stored in the second cryptographic key, and permits adecryption processing when both of the passwords coincide with eachother. 11-17. (canceled)